CA/Browser Forum

2024-01-04 Minutes of the CA/Browser Forum Teleconference

Meeting of the CA/Browser Forum

January 4, 2024

1. Roll Call

Aaron Gable - (Let’s Encrypt), Adam Jones - (Microsoft), Andrea Holland - (VikingCloud), Ben Wilson - (Mozilla), Brianca Martin - (Amazon), Cade Cairns - (Google), Chris Clements - (Google), Christophe Bonjean - (GlobalSign), Clint Wilson - (Apple), Corey Bonnell - (DigiCert), Corey Rasmussen - (OATI), David Kluge - (Google), Dean Coclin - (DigiCert), Dimitris Zacharopoulos - (HARICA), Doug Beattie - (GlobalSign), Dustin Hollenback - (Microsoft), Enrico Entschew - (D-TRUST), Inaba Atsushi - (GlobalSign), Johnny Reading - (GoDaddy), Karina Sirota - (Microsoft), Kiran Tummala - (Microsoft), Lucy Buecking - (IdenTrust), Lynn Jeun - (Visa), Mads Henriksveen - (Buypass AS), Marcelo Silva - (Visa), Marco Schambach - (IdenTrust), Mark Nelson - (IdenTrust), Martijn Katerbarg - (Sectigo), Michelle Coon - (OATI), Mrugesh Chandarana - (IdenTrust), Nargis Mannan - (VikingCloud), Nicol So - (CommScope), Nome Huang - (TrustAsia), Paul van Brouwershaven - (Entrust), Peter Miskovic - (Disig), Rebecca Kelley - (Apple), Rollin Yu - (TrustAsia), Roman Fischer - (SwissSign), Scott Rea - (eMudhra), Stephen Davidson - (DigiCert), Steven Deitte - (GoDaddy), Tadahiko Ito - (SECOM Trust Systems), Thomas Zermeno - (SSL.com), Tim Hollebeek - (DigiCert), Trevoli Ponds-White - (Amazon), Wayne Thayer - (Fastly), Wendy Brown - (US Federal PKI Management Authority), Yoshihiko Matsuo - (Japan Registry Services).

2. Read note-well

Dimitris read the note-well.

3. Review of Agenda

Agenda was approved without modifications.

4. Approval of minutes from the December 7, 2023 Teleconference

Minutes were just distributed. They will be considered for approval at the next Teleconference.

5. Server Certificate Working Group update

No updates reported.

Validation Committee:

Met on Dec 16th.
Meeting minutes sent out; discussion on automating EV validation.
DNS-based validation method discussed for further automation.

6. Code Signing Certificate Working Group update

Discussed signing service and high-risk check ballot.
Two ballots proposed simultaneously: signing service and high-risk check.
Discussion period ends on Jan 5th.

7. S/MIME Certificate Working Group update

SMC 05 ballot in discussion period introducing CAA for publicly trusted S/MIME. Dates for adoption: Feb 15th, 2024, and March 15th, 2025.
New ballot for RFC 9495 implementation.
SMC 06 ballot for clarification and corrections.
Reviewing language on Organization Identifier in the subject for EV.

8. Forum Infrastructure Subcommittee update

???

9. NetSec Working Group update

Met on Dec 19th.
Timeline for section 4 ballots.
Updates on the memorandum of understanding from Cloud Security Alliance expected soon.

10. CSCWG charter update

???

11. Survey for the separation of Forum and SCWG bi-weekly Teleconference

Received 21 votes; election closing on Monday.
Trustees (Wayne and Martijn) to process votes.

12. Any Other Business

Dimitris highlighted the need to improve the Guidelines based on public incidents, namely incidents in Bugzilla.

  • Identified a recurring theme in several incidents, often stemming from a misunderstanding of the requirements.
  • Dimitris emphasized the rarity of deliberate violations and highlighted the need to raise awareness within the working groups.
  • Suggested proactively monitoring these incidents to identify repeated patterns and failures, with the goal of addressing misunderstandings.
  • Advocated for creating issues to facilitate a review and potential refinement of the language in those problematic areas.
  • Emphasized the importance of making language more accessible and understandable to reduce misunderstandings and potential issues for Certification Authorities (CAs).

Next call is January 18, 2024. Meeting adjourned.

The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).